SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 17 October 2023
⏱️ 146 minutes
🧾️ Download transcript
Summary
- ValiDrive release follow-up
- Passkeys exportability and phishing risk
- Passkeys for device verification like SSH keys
- Possibility of hobby browsers vs. production browsers
- Availability of SpinRite 6.1 pre-release
- Filling drives with crypto noise using VeraCrypt
- Steve and Leo's favorite OTP apps
- Google Docs link rewriting could be to prevent referrer leakage
- Abusing HTTP/2 Rapid Reset
Show notes: https://www.grc.com/sn/SN-944-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here and we have a very big show for you. |
| 0:06.0 | Lots of information but most importantly we're going to talk about the largest DDoS attack of all time. |
| 0:14.0 | How it happened, why it happened and what companies and more importantly server makers can do to stop it. |
| 0:22.0 | That's next on Security Now. |
| 0:24.0 | Podcasts you love. |
| 0:28.0 | From people you trust. |
| 0:30.0 | This is Tweet. |
| 0:36.0 | This is Security Now as Steve Gibson. |
| 0:39.0 | Episode 944 recorded October 17th, 2023. |
| 0:44.0 | Abusing HTTP2 rapid reset. |
| 0:48.0 | This episode of Security Now is brought to you by Melissa. |
| 0:52.0 | More than 10,000 clients worldwide rely on Melissa for full spectrum data quality and ID verification software. |
| 1:00.0 | Make sure your customer contact data is up to date this holiday season. |
| 1:04.0 | Get started today with 1000 records cleaned for free at Melissa.com. |
| 1:10.0 | Slashed with. |
| 1:12.0 | And by Duo. |
| 1:14.0 | Protect against breaches with a leading access management suite providing strong multi-layered defenses to only allow legitimate users in. |
| 1:21.0 | For any organization concerned about being breached and in need of a solution fast. |
| 1:27.0 | Duo quickly enables strong security and improves user productivity. |
| 1:31.0 | Visit cs.co slash twit today for a free trial. |
| 1:37.0 | And by bit warden. |
| 1:39.0 | Get the open source password manager that can help you stay safe online. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.